CVE-2018-1000136

HIGH EXPLOITED RANSOMWARE

Electron 1.7.0-1.7.12, 1.8.0-1.8.3, 2.0.0-beta.0-2.0.0-beta.3 - RCE via Webview Node Integration Bypass


Exploitation Summary

CVE-2018-1000136 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

Electron versions 1.7 up to 1.7.12, 1.8 up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3 contain an improper handling of values vulnerability (CWE-20) in webviews that can result in remote code execution. The attack appears to be exploitable against an app which allows execution of 3rd party code AND disallows node integration AND has not explicitly specified whether the webview tag is enabled or disabled. This vulnerability appears to have been fixed in 1.7.13, 1.8.4 and 2.0.0-beta.4.

References (2)

Core References (2)
Mitigation, Patch, Vendor Advisory (x_refsource_misc): https://www.electronjs.org/blog/webview-fix

Scores

CVSS v3 8.1
EPSS 0.0478
EPSS Percentile 90.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2020-02-25
Ransomware Use Confirmed
CWE
CWE-20
Status published
Products (3)
electronjs/electron 2.0.0 (5 CPE variants)
electronjs/electron 1.7.0 - 1.7.12
npm/electron 1.7.0 - 1.7.13
Published Mar 23, 2018
Tracked Since Feb 18, 2026